Hello community,
here is the log from the commit of package rubygem-rack-1_6 for openSUSE:Factory checked in at 2016-11-14 20:13:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-1_6 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-1_6.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-1_6"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-1_6/rubygem-rack-1_6.changes 2016-07-21 07:55:36.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.rubygem-rack-1_6.new/rubygem-rack-1_6.changes 2016-11-14 20:14:00.000000000 +0100
@@ -1,0 +2,26 @@
+Fri Nov 11 05:49:18 UTC 2016 - coolo@suse.com
+
+- updated to version 1.6.5
+ see installed HISTORY.md
+
+ Sun Dec 4 18:48:03 2015 Jeremy Daer
+
+ * First-party "SameSite" cookies. Browsers omit SameSite cookies
+ from third-party requests, closing the door on many CSRF attacks.
+
+ Pass `same_site: true` (or `:strict`) to enable:
+ response.set_cookie 'foo', value: 'bar', same_site: true
+ or `same_site: :lax` to use Lax enforcement:
+ response.set_cookie 'foo', value: 'bar', same_site: :lax
+
+ Based on version 7 of the Same-site Cookies internet draft:
+ https://tools.ietf.org/html/draft-west-first-party-cookies-07
+
+ Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for
+ updating to drafts 5 and 7.
+
+ Wed Jun 24 12:13:37 2015 Aaron Patterson
+
+ * Fix Ruby 1.8 backwards compatibility
+
+-------------------------------------------------------------------
Old:
----
rack-1.6.4.gem
New:
----
rack-1.6.5.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-1_6.spec ++++++
--- /var/tmp/diff_new_pack.ngPL8x/_old 2016-11-14 20:14:02.000000000 +0100
+++ /var/tmp/diff_new_pack.ngPL8x/_new 2016-11-14 20:14:02.000000000 +0100
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-1_6
-Version: 1.6.4
+Version: 1.6.5
Release: 0
%define mod_name rack
%define mod_full_name %{mod_name}-%{version}
++++++ rack-1.6.4.gem -> rack-1.6.5.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HISTORY.md new/HISTORY.md
--- old/HISTORY.md 2015-06-18 23:51:22.000000000 +0200
+++ new/HISTORY.md 2016-11-10 22:54:15.000000000 +0100
@@ -1,3 +1,23 @@
+Sun Dec 4 18:48:03 2015 Jeremy Daer
+
+ * First-party "SameSite" cookies. Browsers omit SameSite cookies
+ from third-party requests, closing the door on many CSRF attacks.
+
+ Pass `same_site: true` (or `:strict`) to enable:
+ response.set_cookie 'foo', value: 'bar', same_site: true
+ or `same_site: :lax` to use Lax enforcement:
+ response.set_cookie 'foo', value: 'bar', same_site: :lax
+
+ Based on version 7 of the Same-site Cookies internet draft:
+ https://tools.ietf.org/html/draft-west-first-party-cookies-07
+
+ Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for
+ updating to drafts 5 and 7.
+
+Wed Jun 24 12:13:37 2015 Aaron Patterson
+
+ * Fix Ruby 1.8 backwards compatibility
+
Fri Jun 19 07:14:50 2015 Matthew Draper
* Work around a Rails incompatibility in our private API
Files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/handler.rb new/lib/rack/handler.rb
--- old/lib/rack/handler.rb 2015-06-18 23:51:22.000000000 +0200
+++ new/lib/rack/handler.rb 2016-11-10 22:54:15.000000000 +0100
@@ -19,13 +19,25 @@
if klass = @handlers[server]
klass.split("::").inject(Object) { |o, x| o.const_get(x) }
else
- const_get(server, false)
+ _const_get(server, false)
end
rescue NameError => name_error
raise load_error || name_error
end
+ begin
+ ::Object.const_get("Object", false)
+ def self._const_get(str, inherit = true)
+ const_get(str, inherit)
+ end
+ rescue
+ def self._const_get(str, inherit = true)
+ const_get(str)
+ end
+ end
+
+
# Select first available Rack handler given an `Array` of server names.
# Raises `LoadError` if no handler was found.
#
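Review bot: The fallback `_const_get` defined in the `rescue` branch discards `inherit` and calls `const_get(str)`, so on a runtime that takes that branch `Rack::Handler.get` can resolve a server name to any top-level constant rather than only to constants nested under `Rack::Handler`; the spec change in test/spec_handler.rb acknowledges this by becoming a no-op there. Since the server name may come from configuration or a command line, that difference is worth stating at the definition, e.g. `# Fallback for Rubies without non-inherited const_get: lookup is NOT restricted to Rack::Handler.`. The bare `rescue` also catches every StandardError raised by the probe; naming the expected class (presumably `ArgumentError` for the two-argument call, to be confirmed on the target Ruby) would keep an unrelated failure from silently selecting the permissive variant. The enclosing `get` method starts outside the hunk.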
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/reloader.rb new/lib/rack/reloader.rb
--- old/lib/rack/reloader.rb 2015-06-18 23:51:22.000000000 +0200
+++ new/lib/rack/reloader.rb 2016-11-10 22:54:16.000000000 +0100
@@ -26,6 +26,7 @@
@last = (Time.now - cooldown)
@cache = {}
@mtimes = {}
+ @reload_mutex = Mutex.new
extend backend
end
@@ -33,7 +34,7 @@
def call(env)
if @cooldown and Time.now > @last + @cooldown
if Thread.list.size > 1
- Thread.exclusive{ reload! }
+ @reload_mutex.synchronize{ reload! }
else
reload!
end
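Review bot: The cooldown test in `if @cooldown and Time.now > @last + @cooldown` is evaluated before `@reload_mutex.synchronize`, so threads that arrive together can each pass it and then run `reload!` one after another instead of once. Repeating the comparison inside the lock, e.g. `@reload_mutex.synchronize { reload! if Time.now > @last + @cooldown }`, would close that gap, but only if `@last` is updated while the lock is held, which this hunk does not show. The `else` branch still calls `reload!` unlocked on the strength of a `Thread.list.size` snapshot, and a short comment saying why that is considered safe would help the next reader. The body of `call` continues outside the hunk.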
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/utils.rb new/lib/rack/utils.rb
--- old/lib/rack/utils.rb 2015-06-18 23:51:22.000000000 +0200
+++ new/lib/rack/utils.rb 2016-11-10 22:54:16.000000000 +0100
@@ -311,12 +311,23 @@
rfc2822(value[:expires].clone.gmtime) if value[:expires]
secure = "; secure" if value[:secure]
httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
+ same_site =
+ case value[:same_site]
+ when false, nil
+ nil
+ when :lax, 'Lax', :Lax
+ '; SameSite=Lax'.freeze
+ when true, :strict, 'Strict', :Strict
+ '; SameSite=Strict'.freeze
+ else
+ raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
+ end
value = value[:value]
end
value = [value] unless Array === value
cookie = escape(key) + "=" +
value.map { |v| escape v }.join("&") +
- "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}"
+ "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
case header["Set-Cookie"]
when nil, ''
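Review bot: The new `case value[:same_site]` matches strings case-sensitively, so `'lax'` and `'strict'` (the natural spelling when the option is read from a config file or an environment variable) fall through to the `else` and raise `ArgumentError` while the response is being built. Raising on unknown values rather than silently omitting the attribute is the right default, but the lowercase strings look like an oversight next to `:lax` and `:strict`; consider `when :lax, 'lax', 'Lax', :Lax` and `when true, :strict, 'strict', 'Strict', :Strict`. A one-line comment above the `case` listing the accepted values, and noting that `true` means Strict, would also help callers. The enclosing method starts and ends outside the hunk.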
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack.rb new/lib/rack.rb
--- old/lib/rack.rb 2015-06-18 23:51:22.000000000 +0200
+++ new/lib/rack.rb 2016-11-10 22:54:15.000000000 +0100
@@ -20,7 +20,7 @@
# Return the Rack release as a dotted string.
def self.release
- "1.6.4"
+ "1.6.5"
end
PATH_INFO = 'PATH_INFO'.freeze
REQUEST_METHOD = 'REQUEST_METHOD'.freeze
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2015-06-18 23:51:22.000000000 +0200
+++ new/metadata 2016-11-10 22:54:15.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rack
version: !ruby/object:Gem::Version
- version: 1.6.4
+ version: 1.6.5
platform: ruby
authors:
- Christian Neukirchen
autorequire:
bindir: bin
cert_chain: []
-date: 2015-06-18 00:00:00.000000000 Z
+date: 2016-11-10 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: bacon
@@ -148,7 +148,6 @@
- test/cgi/assets/javascripts/app.js
- test/cgi/assets/stylesheets/app.css
- test/cgi/lighttpd.conf
-- test/cgi/lighttpd.errors
- test/cgi/rackup_stub.rb
- test/cgi/sample_rackup.ru
- test/cgi/test
@@ -256,7 +255,7 @@
version: '0'
requirements: []
rubyforge_project: rack
-rubygems_version: 2.4.5
+rubygems_version: 2.5.1
signing_key:
specification_version: 4
summary: a modular Ruby webserver interface
@@ -310,3 +309,4 @@
- test/spec_utils.rb
- test/spec_version.rb
- test/spec_webrick.rb
+has_rdoc:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rack.gemspec new/rack.gemspec
--- old/rack.gemspec 2015-06-18 23:51:22.000000000 +0200
+++ new/rack.gemspec 2016-11-10 22:54:16.000000000 +0100
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = "rack"
- s.version = "1.6.4"
+ s.version = "1.6.5"
s.platform = Gem::Platform::RUBY
s.summary = "a modular Ruby webserver interface"
s.license = "MIT"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/cgi/lighttpd.errors new/test/cgi/lighttpd.errors
--- old/test/cgi/lighttpd.errors 2015-06-18 23:51:22.000000000 +0200
+++ new/test/cgi/lighttpd.errors 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-2015-06-16 14:11:43: (log.c.164) server started
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_handler.rb new/test/spec_handler.rb
--- old/test/spec_handler.rb 2015-06-18 23:51:22.000000000 +0200
+++ new/test/spec_handler.rb 2016-11-10 22:54:16.000000000 +0100
@@ -23,10 +23,19 @@
lambda {
Rack::Handler.get('boom')
}.should.raise(LoadError)
+ end
- lambda {
- Rack::Handler.get('Object')
- }.should.raise(LoadError)
+ should "raise LoadError if handler isn't nested under Rack::Handler" do
+ # Feature-detect whether Ruby can do non-inherited const lookups.
+ # If it can't, then Rack::Handler may lookup non-handler toplevel
+ # constants, so the best we can do is no-op here and not test it.
+ begin
+ Rack::Handler._const_get('Object', false)
+ rescue NameError
+ lambda {
+ Rack::Handler.get('Object')
+ }.should.raise(LoadError)
+ end
end
should "get unregistered, but already required, handler by name" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_response.rb new/test/spec_response.rb
--- old/test/spec_response.rb 2015-06-18 23:51:22.000000000 +0200
+++ new/test/spec_response.rb 2016-11-10 22:54:16.000000000 +0100
@@ -97,6 +97,70 @@
response["Set-Cookie"].should.equal "foo=bar"
end
+ it "can set SameSite cookies with symbol value :lax" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => :lax}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Lax"
+ end
+
+ it "can set SameSite cookies with symbol value :Lax" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => :lax}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Lax"
+ end
+
+ it "can set SameSite cookies with string value 'Lax'" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => "Lax"}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Lax"
+ end
+
+ it "can set SameSite cookies with boolean value true" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => true}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Strict"
+ end
+
+ it "can set SameSite cookies with symbol value :strict" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => :strict}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Strict"
+ end
+
+ it "can set SameSite cookies with symbol value :Strict" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => :Strict}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Strict"
+ end
+
+ it "can set SameSite cookies with string value 'Strict'" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => "Strict"}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Strict"
+ end
+
+ it "validates the SameSite option value" do
+ response = Rack::Response.new
+ lambda {
+ response.set_cookie "foo", {:value => "bar", :same_site => "Foo"}
+ }.should.raise(ArgumentError).
+ message.should.match(/Invalid SameSite value: "Foo"/)
+ end
+
+ it "can set SameSite cookies with symbol value" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => :Strict}
+ response["Set-Cookie"].should.equal "foo=bar; SameSite=Strict"
+ end
+
+ [ nil, false ].each do |non_truthy|
+ it "omits SameSite attribute given a #{non_truthy.inspect} value" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => non_truthy}
+ response["Set-Cookie"].should.equal "foo=bar"
+ end
+ end
+
it "can delete cookies" do
response = Rack::Response.new
response.set_cookie "foo", "bar"
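Review bot: The example titled `can set SameSite cookies with symbol value :Lax` passes `:same_site => :lax`, so it repeats the previous example and the `:Lax` branch of the new `case` in lib/rack/utils.rb is never exercised; the line should read `response.set_cookie "foo", {:value => "bar", :same_site => :Lax}`. The later example `can set SameSite cookies with symbol value` likewise duplicates the `:Strict` one and could be dropped or repurposed for an input that is currently untested, such as a lowercase string.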